| THE CBS CONNECTION
The Justice Department inspector general is looking into my computer intrusions and asks to see the CBS-commissioned report from Patel. The head of the IG forensics unit suggests that if we hand over my computers, his experts can conduct an independent analysis and possibly find more information, perhaps even the proof as to who’s responsible. The IG has its own technical staff and lab that are separate and apart from the FBI’s analysts. But CBS declines. One CBS official points out, as had Number One, that the IG works for the same agency that we believe is responsible.
“Do you really trust the IG?” the CBS official asks me. “Why should CBS trust our computers to the same agency that could be implicated?”
I explain my rationale. Worst-case scenario: the IG comes up with nothing more than we already know. Best-case scenario: he finds more. Who better than the government’s own technicians to dig into a government intrusion? But the bigger hurdle to the concept of handing over the CBS computer is that news organizations vehemently protect their independence and resist attempts by law enforcement to obtain company property. Granted, this situation is a bit different: the law enforcement body isn’t reaching into the news organization uninvited. Instead, a crime has been committed and the IG is asking for the computer and report to act in my interests. Nonetheless, policy is policy, there are legal implications, and CBS decides that the IG can’t have the CBS laptop computer or Patel’s report.
If no law enforcement or investigative body can have access to my CBS computer, then in some respects I’m the victim of a crime that can’t be thoroughly investigated. At least not in the ordinary way. I can’t expect the FBI to investigate impartially if some of its people are involved in the crime. In fact, I can’t expect anyone to investigate if CBS won’t let them analyze the computer. And the main concern of CBS News is the integrity of its professional network systems rather than my individual circumstances. The corporation hasn’t demonstrated any interest in getting to the bottom of the crime committed against me and my family, and potentially my sources. The news division hasn’t expressed even a modicum of concern for my potentially compromised and chilled sources or its own compromised newsroom operations.
It didn’t make sense that the moment I reported the intrusion, no alarm bells were sounded at the highest levels of the CBS corporation. I imagined there would be technology security experts who would ask a lot of questions, visit my house, and devise ways to make me feel more secure and to ensure that all of CBS’s sources and materials are protected. I thought they’d want to examine my supposedly compromised smartphones. But nobody did.
In fact, CBS has specialists tasked with doing this very sort of work, but I only learn of them when a colleague asks me what work the “special team” is doing on my case.
“What special team?” I ask.
“The guys headed up by Joel Molinoff,” says my colleague. “Haven’t they been working on your case?”
“Never heard of them.”
My colleague is surprised. He goes on to explain that Molinoff is CBS’s chief information security officer. He’s held seminars with 60 Minutes staff on cybersecurity issues such as protecting their information abroad. He’s a wealth of information and a great resource on computer security. But in all these months, he’s yet to reach out to me.
“He’s a former NSA guy,” adds my colleague. “I’ll find his extension and send it to you.”
A former NSA guy?
I do a quick Internet search. It turns out that Molinoff came to CBS after having just served in Obama’s White House as the assistant director of the President’s Intelligence Advisory Board. Prior to that, says his bio, he was an executive at the NSA.
Why wouldn’t a guy with that kind of background be keenly interested and involved in investigating my computer intrusions?
Not long after I learn that there’s a former NSA guy at the helm of CBS information security, he sends a company-wide memo that seems to refer to my situation without mentioning me. The memo on June 7, 2013, explains what should be done if someone suspects a security breach of their CBS computers. Once the incident is reported, says the memo, there will be a response team that will take steps to resolve the issue.
Since the memo is clear that the victim has a duty to report, and since Molinoff has never acknowledged my incident nor has he contacted me, I send him an email asking whether he’s briefed up on my computer intrusions. I offer to answer any questions he may have. He doesn’t reply. A week later, I follow up. This time, I get a perfunctory response from Molinoff saying that he and his team are aware of the situation and take any breach “very, very seriously.” He asks no questions and to this day no CBS security officials have attempted to ask me the details of what happened.
| SPY CLASS 101
As the story of the government’s overreach expands and word gets around about the investigation into my computers, sources step forward to privately offer me moral support, information, and assistance. They fill my head with stories about the government’s secret capabilities and how they could be misused by those with malicious motives.
For example, one of them tells me about a covert skill the U.S. government is actively perfecting: the ability to remotely control vehicles. There are several ways to do it. The former U.S. national coordinator for security, infrastructure protection, and counterterrorism Richard Clarke discussed the technology in a June 2013 interview with the Huffington Post. He said that intelligence agencies know how to remotely seize control of a car through a “car cyber attack.”
“It’s relatively easy to hack your way into the control system of a car, and to do such things as cause acceleration when the driver doesn’t want acceleration, to throw on the brakes when the driver doesn’t want the brakes on, to launch an air bag,” Clarke tells the online blog. “You can do some really highly destructive things now, through hacking a car, and it’s not that hard.”
In this particular interview, Clarke is responding to questions about the fatal single-car crash of reporter Michael Hastings as he was said to be researching a story related to the scandal that forced the resignation of CIA director Petraeus in 2012. Shortly before Hastings’s death, he reportedly said he thought the FBI was investigating him, which the FBI denied. Officials who investigated the car crash say no foul play was suspected and Clarke doesn’t dispute that. But Clarke says, hypothetically, “If there were a cyber attack on the car—and I’m not saying there was—I think whoever did it would probably get away with it.”
Clarke’s assessment of the available technology is based in part on a 2011 report by university computer scientists. It states that computer hackers can gain remote unauthorized access to vehicles much like a computer, controlling the engine and other basic functions. Apparently, the car hacking can be accomplished using cellular connections and Bluetooth wireless technology. Hackers can take control, track, and even listen in without having any direct physical access to the vehicle, according to one of the lead researchers, Stefan Savage of the University of California, San Diego.
My source tells me something about a related technology he says the government is developing. Covert operators can substitute the stock electronic control units in vehicles for special replacements: one to control the car’s transmission and another that controls the engine. A remote controller can then slow, stop, or speed up the car and make it impossible for the driver to do much about it. The government developers, working in secret with black budgets that don’t appear on any ledger, are having a little trouble keeping the demo units from overheating. They’re expediting the troubleshooting and sparing no expense. Money is no object. There’s an endless source of tax dollars for this project.
The source shows up at my house one wintry evening and wants to check out my car for anything suspicious. He says that I’ve upset so many people at high levels that anything is possible, even the idea that somebody has
tampered with my vehicle. I appreciate the thought but tell him it’s unnecessary. He insists and my husband says to go ahead and let him look. It concerns me that somebody with links to covert agencies actually thinks that a government operative might be capable of sabotaging my car. The source and my husband spend forty-five minutes shivering in the garage, flashlight in hand, rooting around under the hood and in the front seat of my car, and find nothing.
As a matter of protecting my own interests, I’ve begun working with a small group of people who aren’t connected to CBS. This includes an attorney, another independent computer forensics expert, and several sources.
In July 2013, I’m preparing to leave the country on vacation. It’ll feel good to get away from everything. But before I go, an acquaintance contacts an intermediary and asks me to call. It’s been more than a year since we last spoke.
“Can we meet me at your house—tonight?” Terry**** asks. He doesn’t want to say much on the phone.
“Sure,” I reply.
“Can you meet me in the driveway? And . . .” He hesitates. “Can you leave your phone inside the house?” Terry is a very polite guy. By the tone of the brief conversation, I already know he’s going to talk to me about my computer incidents.
I finish my tae kwon do workout and get home just in time for the driveway rendezvous. I sit on the brick stoop in front of my house and wait, still damp with martial arts sweat. It’s humid and warm and starting to get dark. Terry pulls into the driveway, hops out, and joins me on the stoop. He’s carrying a Baggie and a folder.
“I know what’s been happening to you,” he says with genuine concern. “If there’s anything I can do to help, I want to.”
Terry, like so many in this region, has connections to the three-letter agencies. He tells me in quiet tones that he’s angry at the thought of the government conducting covert surveillance on law-abiding private citizens and journalists.
“I’ve spent my whole career developing and using techniques that are meant to be used on terrorists and bad guys. Not people like you.”
He opens the Baggie and shows me an array of bugging devices of different sizes and shapes. He pulls them out one at a time and explains how each one could be disguised to fit into a different host. I don’t think anyone is using bugs in my house. But I remind myself that not long ago, I didn’t think anybody would break into my computers. In any event, Terry is giving me a crash course: Spy Class 101.
He looks around. Up the driveway. Both sides and across the street. “Let’s take a walk.”
Terry tells me of a conversation he’d had with my husband back in 2011. He’d noticed a white utility truck parked up the street by a pond.
“I didn’t like that. I didn’t like it at all,” he tells me now, shaking his head. “I talked to your husband about it at the time. He’d already noticed the truck, too.
“I didn’t like it because I recognized the type of truck and the type of antennae it had. And if you look”—he points up the street—“there’s a direct line of sight from where it was parked to your house.” My husband, who once worked in law enforcement intelligence, had on several occasions in the past couple of years mentioned the presence of nondescript utility trucks parked in our neighborhood—trucks that were working on no known utility projects. Neighbors noticed, too. Ours is a small community filled with people who pay attention to such things. Some of them worked for the three-letter agencies.
For more than an hour, Terry tells me fantastical stories of incredible covert capabilities the government has. I think about James Bond getting briefings on secret gadgets from Q Division. Terry says there’s a way to shoot an arrow from a distance into the outside of a building and have it penetrate through the outer wall, just far enough to stop short of the drywall, where it plants a listening device. Or the government may find out you’re attending a professional conference and plant spyware on every CD to be given out at the event, in hopes that you’ll take one and insert it into your computer. Or they find out when you’re taking your car in to be serviced and arrange to install transmitters in your taillights.
“That’s sort of like the antennae. Then an audio receptor can be placed inside your car. That way they know where you are and when you’re coming home.”
Terry tells me about the government’s secretive departments of Flaps & Seals. They specialize in—well—flaps and seals. For example, they intercept something you’ve ordered in the mail, and open the “flaps” and break the “seals” to outfit the product with a bug or malware. Then they reseal the flaps and seals so expertly that you can’t tell anyone has been in the package. When it arrives at your house, you install the software or attach the device to your computer and voilà! You’ve bugged yourself. Simple and clever.
Terry tells me that the government’s technical surveillance tools are limitless. Wide domestic use of drones has opened a whole new world of possibilities. A small drone with a camera can easily hover quietly above my house for forty-five minutes while it uploads data or downloads software.
“And then there are lightbulbs,” Terry says. “Your audio can be monitored through lightbulbs. Lamps. Clock radios. Outdoor lights.”
The lightbulbs have ears?
“How can a lightbulb emit a signal?” I ask. “If it’s transmitting, can that be detected?”
“It doesn’t use a transmitter,” Terry explains. “It operates off the electrical current in your house. It’s called electric current technology.”
That blows my mind.
“The names of the people who are executing surveillance on you won’t be found in a criminal database,” Terry tells me. “More likely they’re in Scattered Castles.”
He explains that Scattered Castles is a database used across all components of the intelligence community that verifies personnel security access to Sensitive Compartmented Information and other caveated programs.
This is all fascinating but a little academic. And in a way, some of it sounds so 1990s. From what I’ve learned, it seems the government and its operatives don’t need to go to these extraordinary lengths to track and monitor people. We’re all so wired through the Internet and our smartphones: that’s all they really need. No reason to plant a bug or follow people around on foot. That’s expensive, time-consuming, and potentially traceable. Accessing communications through the major telecommunications companies or Internet providers and search engines—that’s free, easy, and undetectable. Piece of cake.
It’s dark now. Terry darts a glance up and down my neighborhood streets for the tenth time and redirects our walk back to the stoop. “I’ll do anything I can to help.”
| JUSTICE DEPARTMENT ON THE HOT SEAT
Senator Tom Coburn, a Republican from Oklahoma, is hopping mad over the government’s antics in targeting news reporters. In July 2013, he poses a lengthy list of questions to Attorney General Holder at the Justice Department. Some of them have to do with my case. The questions are carefully crafted to cover a number of scenarios.
1.During your tenure as attorney general, has any employee, contractor or other representative of your Department secretly, without notice to the subject, obtained information regarding the communication of any journalist, including Ms. Attkisson?
2.During your tenure as attorney general, has any employee, contractor or other representative of your Department obtained access to any computer used by a journalist or news organization, including Ms. Attkisson and CBS News, without the knowledge of the journalist or organization?
3.During your tenure as attorney general, has any employee, contractor or other representative of your Department attempted to remove, exfiltrate or otherwise transfer data to or from any computer used by a journalist or news organization, including Ms. Attkisson and CBS News, without the knowledge of the journalist or organization?
Though the letter should have been promptly addressed, five months would pa
ss before the Justice Department would provide a response. And in the response, which follows, none of the relevant questions were answered:
“Your letter asks whether the Department is responsible for incidents in 2012 in which the computer of Sharyl Attkisson, a CBS reporter, was allegedly hacked by an unauthorized party. The Department is not. It also does not appear that CBS or Ms. Attkisson followed up with the Federal Bureau of Investigation for assistance with these incidents,” writes the Justice Department to Coburn.
Instead of answering the questions at hand, the administration had posed an entirely different question and chosen to answer that one. Senator Coburn’s letter hadn’t referred to “hacks,” it didn’t narrow its questions to 2012, didn’t ask whether the Justice Department was “responsible,” and didn’t isolate its questions to the Justice Department alone. I conclude there’s a reason they stuck to posing and denying a very narrow set of circumstances, using such specific language, rather than simply answering the questions Coburn asked.
I find irony in the fact that, in its brief response, the Justice Department implies I should have approached the FBI for “assistance.” Especially since I now have learned that, months ago, the FBI opened a computer intrusion case with me listed as the “victim” but, oddly enough, never bothered to reach out to me. How often does the FBI start a case without notifying, or trying to collect basic information from, the supposed victim? It doesn’t seem as if they’re trying very hard to help me get to the bottom of it.
I see Coburn on Capitol Hill and he tells me that my case may be the worst, most outrageous violation of public trust he’s ever seen in all his years in office.
“And it’s not because it’s you,” he adds. He wants me to know that he’s judged the gravity of the situation based not on how I might have been personally or even professionally affected. It’s about the broad implications for government, the press, and society.
“I know,” I say.
Stonewalled: My Fight for Truth Against the Forces of Obstruction, Intimidation, and Harassment in Obama's Washington Page 33